htaccess replaced by malicious scriptHello everyone, I'm having a problem with my server (Hostmonster) somehow it's been compromised and a malicious script is replacing my .htaccess. The replaced .htaccess contains redirects to other sites like answerfloat.ru which I'm sure contain viruses and trojans or whatever else (sorry I'm not to familiar with IT lingo). We contain the attack by using CronJobs that rewrite the htaccess to the original file, this works ok so far but I don't want it to be a permanent solution. My new problem here is that somehow the &quot;malicious script&quot; is now generating .php files with new redirection scripts. Any ideas to permanently solve this issue will be so much appreciated.
Thanks for the help.http://sla.ckers.org/forum/read.php?1,41205,41205#msg-41205
Tue, 31 Mar 2015 17:06:00 -0500Phorum 5.2.15ahttp://sla.ckers.org/forum/read.php?1,41205,42974#msg-42974Re: htaccess replaced by malicious scripthttp://sla.ckers.org/forum/read.php?1,41205,42974#msg-42974
Also Go on the offensive and throw some malicious shit of your own on your own website. Not for your users but specifically targeting the compromised path to your .htaccess files. Then get your buddies together and attack.
Or just iplocate them and call there isp, with logged proof of there actions and, you've got yourself the permanent solution your looking for, but there probably routing there attack through 20 different pc's all over the world so make sure you get them to download something, so you can actually trace it, or perhaps embed your .htaccess files because there obviously getting to those, not sure if you could get away with a renaming action file but its worth a shot.
By just changing your passwords, or hosts, your not doing anything, chances are there not taking the password route. Your probably being attacked by an advertising company with 20 different hackers at there disposal, they may be using a cracker program but they are not crackers(crackers are those that guess at passwords, where-as Hackers find vulnerabilities and exploit them through various methods), and I can tell you that for sure due to the sophisticated methods there using.
If you attack they will just disappear, because there trying to make money, and if your slowing that process down, then there not making as much, so there is no point in a counter-attack from where the stand, because it would just not make financial sense.

If you want some help, I could use the practice.]]>Divine_DefenderIntroWed, 15 Feb 2012 15:31:41 -0600http://sla.ckers.org/forum/read.php?1,41205,41212#msg-41212Re: htaccess replaced by malicious scripthttp://sla.ckers.org/forum/read.php?1,41205,41212#msg-41212
Unless there's something in your website that's allowing users to write to the .htaccess files, it seems like just changing your passwords would probably do the trick!

Just change passwords for things like:

- Control panel
- FTP
- SSH
- Any other kinds of access you might have